I'm not sure what detail I should include in this post, as promiscuous mode confuses the hell out of me from reading about it online. I'll just tell you about the setup I used to have before SSL encryption became commonplace, just so I can relate easier.
Now one of the things I was reading about was how promiscuous mode doesn't work with a switched network. I used to have one of those popular Linksys WRT45G wireless routers, which was connected to a Siemens Speedstream 4100 DSL modem. The computer (running Windows) that would be trying to monitor the iPod was hardwired to either one or the other, I can't remember. Would this setup mean the hardwired computer could intercept the iPod data because the modem is acting like a hub or something?
The hardwired computer was using a Realtek PCIe FE Family Controller (no idea what that is) and had an Atheros AR9485 802.11 b/g/n wifi adapter that was disconnected. So is it the Realtek thing that has to support promiscuous mode in this case? I read that Atheros wifi adapters usually support promiscuous mode, but I suppose that only works if the computer is connected via wifi?
That is all I can think of right now. If there is any additional info you need from me, please let me know. Thanks.
asked 17 May '17, 11:37
There would be two ways of capturing the iPod's traffic:
For the first one, you'd capture on the Atheros adapter, in monitor mode. If your network is "protected", meaning it's using WEP or WPA/WPA2, and encrypting packets, you would have to follow the instructions in the Wireshark Wiki page on decrypting 802.11 traffic. In that case, the Atheros adapter would have to support monitor mode when running Wireshark; unfortunately, that's somewhat difficult on Windows - you'd need to install NPcap rather than WinPcap.
For the second one, you would probably need to use a hub (a real hub, not a switching hub) with at least 3 ports. You'd plug the wireless router, the DSL modem, and the Windows PC into the hub and capture in promiscuous mode. That should work on Windows.
You would need to use the hub because if either the wireless router or DSL modem has more than one Ethernet port, the Ethernet ports on the router/modem are probably on an internal Ethernet switch, so that you're on a switched network - and, no, promiscuous mode doesn't work on a switched network unless the switch supports "monitoring ports", and the cheap switches inside wireless routers and DSL/cable/etc. broadband modems usually don't support "monitoring ports".
answered 17 May '17, 20:40
Guy Harris ♦♦
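As an added example (not part of the answer above, and not Wireshark code): a Python check to run over a capture saved in classic pcap format, to see whether the capture point actually received other hosts' unicast frames, which is what a hub provides and a plain switch port normally does not. The MAC addresses and both sample captures are constructed, and the function names are illustrative.

```python
import struct

def read_pcap_frames(data):
    """Yield raw frames from a classic little-endian pcap buffer (not pcapng)."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap, Ethernet link type")
    off = 24                                   # skip the global header
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<IIII", data, off)[2]
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def classify(frames, my_mac):
    """Count frames by owner, from the capturing PC's point of view."""
    me = bytes.fromhex(my_mac.replace(":", ""))
    counts = {"mine": 0, "broadcast_multicast": 0, "foreign_unicast": 0}
    for f in frames:
        if len(f) < 14:                        # shorter than an Ethernet header
            continue
        dst, src = f[0:6], f[6:12]
        if me in (dst, src):
            counts["mine"] += 1                # sent or received by this PC
        elif dst[0] & 1:
            counts["broadcast_multicast"] += 1 # group bit: a switch floods these
        else:
            counts["foreign_unicast"] += 1     # only visible via hub/monitor port
    return counts

# Constructed sample data: locally administered MACs, dummy payloads.
PC, IPOD, ROUTER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
BCAST = "ff:ff:ff:ff:ff:ff"

def _frame(dst, src):
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return raw(dst) + raw(src) + b"\x08\x00" + bytes(46)

def _pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

SWITCHED = _pcap([_frame(ROUTER, PC), _frame(PC, ROUTER), _frame(BCAST, IPOD)])
HUB = _pcap([_frame(ROUTER, PC), _frame(BCAST, IPOD),
             _frame(ROUTER, IPOD), _frame(IPOD, ROUTER)])

if __name__ == "__main__":
    for name, cap in (("switched", SWITCHED), ("hub", HUB)):
        print(name, classify(read_pcap_frames(cap), PC))
```

A switch can briefly flood unicast frames whose destination it has not learned yet, so a handful of foreign frames is not proof of a hub; a sustained count of them is.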